cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,327 lines • 132 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Cleanrooms = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [cleanrooms](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscleanrooms.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Cleanrooms extends shared_1.PolicyStatement {
/**
* Grants permission to view details of analysisTemplates associated to the collaboration
*
* Access Level: Read
*
* Dependent actions:
* - cleanrooms:GetCollaborationAnalysisTemplate
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_BatchGetCollaborationAnalysisTemplate.html
*/
toBatchGetCollaborationAnalysisTemplate() {
return this.to('BatchGetCollaborationAnalysisTemplate');
}
/**
* Grants permission to view details for schemas
*
* Access Level: Read
*
* Dependent actions:
* - cleanrooms:GetSchema
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_BatchGetSchema.html
*/
toBatchGetSchema() {
return this.to('BatchGetSchema');
}
/**
* Grants permission to view analysis rules associated with schemas
*
* Access Level: Read
*
* Dependent actions:
* - cleanrooms:GetSchema
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_BatchGetSchemaAnalysisRule.html
*/
toBatchGetSchemaAnalysisRule() {
return this.to('BatchGetSchemaAnalysisRule');
}
/**
* Grants permission to create a new analysis template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateAnalysisTemplate.html
*/
toCreateAnalysisTemplate() {
return this.to('CreateAnalysisTemplate');
}
/**
* Grants permission to create a new collaboration, a shared data collaboration environment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateCollaboration.html
*/
toCreateCollaboration() {
return this.to('CreateCollaboration');
}
/**
* Grants permission to link a Cleanrooms ML configured audience model with a collaboration by creating a new association
*
* Access Level: Write
*
* Dependent actions:
* - cleanrooms-ml:GetConfiguredAudienceModel
* - cleanrooms-ml:GetConfiguredAudienceModelPolicy
* - cleanrooms-ml:PutConfiguredAudienceModelPolicy
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredAudienceModelAssociation.html
*/
toCreateConfiguredAudienceModelAssociation() {
return this.to('CreateConfiguredAudienceModelAssociation');
}
/**
* Grants permission to create a new configured table
*
* Access Level: Write
*
* Dependent actions:
* - athena:GetTableMetadata
* - glue:BatchGetPartition
* - glue:GetDatabase
* - glue:GetDatabases
* - glue:GetPartition
* - glue:GetPartitions
* - glue:GetSchemaVersion
* - glue:GetTable
* - glue:GetTables
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredTable.html
*/
toCreateConfiguredTable() {
return this.to('CreateConfiguredTable');
}
/**
* Grants permission to create a analysis rule for a configured table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredTableAnalysisRule.html
*/
toCreateConfiguredTableAnalysisRule() {
return this.to('CreateConfiguredTableAnalysisRule');
}
/**
* Grants permission to link a configured table with a collaboration by creating a new association
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredTableAssociation.html
*/
toCreateConfiguredTableAssociation() {
return this.to('CreateConfiguredTableAssociation');
}
/**
* Grants permission to create an analysis rule for a configured table association
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredTableAssociationAnalysisRule.html
*/
toCreateConfiguredTableAssociationAnalysisRule() {
return this.to('CreateConfiguredTableAssociationAnalysisRule');
}
/**
* Grants permission to link an id mapping workflow with a collaboration by creating a new id mapping table
*
* Access Level: Write
*
* Dependent actions:
* - entityresolution:AddPolicyStatement
* - entityresolution:GetIdMappingWorkflow
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateIdMappingTable.html
*/
toCreateIdMappingTable() {
return this.to('CreateIdMappingTable');
}
/**
* Grants permission to link an AWS Entity Resolution Id Namespace with a collaboration by creating a new association
*
* Access Level: Write
*
* Dependent actions:
* - entityresolution:AddPolicyStatement
* - entityresolution:GetIdNamespace
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateIdNamespaceAssociation.html
*/
toCreateIdNamespaceAssociation() {
return this.to('CreateIdNamespaceAssociation');
}
/**
* Grants permission to join collaborations by creating a membership
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
* - logs:CreateLogDelivery
* - logs:CreateLogGroup
* - logs:DeleteLogDelivery
* - logs:DescribeLogGroups
* - logs:DescribeResourcePolicies
* - logs:GetLogDelivery
* - logs:ListLogDeliveries
* - logs:PutResourcePolicy
* - logs:UpdateLogDelivery
* - s3:GetBucketLocation
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateMembership.html
*/
toCreateMembership() {
return this.to('CreateMembership');
}
/**
* Grants permission to create a new privacy budget template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreatePrivacyBudgetTemplate.html
*/
toCreatePrivacyBudgetTemplate() {
return this.to('CreatePrivacyBudgetTemplate');
}
/**
* Grants permission to delete an existing analysis template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteAnalysisTemplate.html
*/
toDeleteAnalysisTemplate() {
return this.to('DeleteAnalysisTemplate');
}
/**
* Grants permission to delete an existing collaboration
*
* Access Level: Write
*
* Dependent actions:
* - cleanrooms-ml:DeleteConfiguredAudienceModelPolicy
* - cleanrooms-ml:GetConfiguredAudienceModelPolicy
* - cleanrooms-ml:PutConfiguredAudienceModelPolicy
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteCollaboration.html
*/
toDeleteCollaboration() {
return this.to('DeleteCollaboration');
}
/**
* Grants permission to delete an existing configured audience model association
*
* Access Level: Write
*
* Dependent actions:
* - cleanrooms-ml:DeleteConfiguredAudienceModelPolicy
* - cleanrooms-ml:GetConfiguredAudienceModelPolicy
* - cleanrooms-ml:PutConfiguredAudienceModelPolicy
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredAudienceModelAssociation.html
*/
toDeleteConfiguredAudienceModelAssociation() {
return this.to('DeleteConfiguredAudienceModelAssociation');
}
/**
* Grants permission to delete a configured table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredTable.html
*/
toDeleteConfiguredTable() {
return this.to('DeleteConfiguredTable');
}
/**
* Grants permission to delete an existing analysis rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredTableAnalysisRule.html
*/
toDeleteConfiguredTableAnalysisRule() {
return this.to('DeleteConfiguredTableAnalysisRule');
}
/**
* Grants permission to remove a configured table association from a collaboration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredTableAssociation.html
*/
toDeleteConfiguredTableAssociation() {
return this.to('DeleteConfiguredTableAssociation');
}
/**
* Grants permission to delete an existing configured table association analysis rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredTableAssociationAnalysisRule.html
*/
toDeleteConfiguredTableAssociationAnalysisRule() {
return this.to('DeleteConfiguredTableAssociationAnalysisRule');
}
/**
* Grants permission to remove an id mapping table from a collaboration
*
* Access Level: Write
*
* Dependent actions:
* - entityresolution:DeletePolicyStatement
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteIdMappingTable.html
*/
toDeleteIdMappingTable() {
return this.to('DeleteIdMappingTable');
}
/**
* Grants permission to remove an Id Namespace Association from a collaboration
*
* Access Level: Write
*
* Dependent actions:
* - entityresolution:DeletePolicyStatement
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteIdNamespaceAssociation.html
*/
toDeleteIdNamespaceAssociation() {
return this.to('DeleteIdNamespaceAssociation');
}
/**
* Grants permission to delete members from a collaboration
*
* Access Level: Write
*
* Dependent actions:
* - cleanrooms-ml:DeleteConfiguredAudienceModelPolicy
* - cleanrooms-ml:GetConfiguredAudienceModelPolicy
* - cleanrooms-ml:PutConfiguredAudienceModelPolicy
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteMember.html
*/
toDeleteMember() {
return this.to('DeleteMember');
}
/**
* Grants permission to leave collaborations by deleting a membership
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteMembership.html
*/
toDeleteMembership() {
return this.to('DeleteMembership');
}
/**
* Grants permission to delete an existing privacy budget template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeletePrivacyBudgetTemplate.html
*/
toDeletePrivacyBudgetTemplate() {
return this.to('DeletePrivacyBudgetTemplate');
}
/**
* Grants permission to view details for an analysis template
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetAnalysisTemplate.html
*/
toGetAnalysisTemplate() {
return this.to('GetAnalysisTemplate');
}
/**
* Grants permission to view details for a collaboration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetCollaboration.html
*/
toGetCollaboration() {
return this.to('GetCollaboration');
}
/**
* Grants permission to view details for an analysis template within a collaboration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetCollaborationAnalysisTemplate.html
*/
toGetCollaborationAnalysisTemplate() {
return this.to('GetCollaborationAnalysisTemplate');
}
/**
* Grants permission to view details for a configured audience model association within a collaboration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetCollaborationConfiguredAudienceModelAssociation.html
*/
toGetCollaborationConfiguredAudienceModelAssociation() {
return this.to('GetCollaborationConfiguredAudienceModelAssociation');
}
/**
* Grants permission to get id namespace association within a collaboration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetCollaborationIdNamespaceAssociation.html
*/
toGetCollaborationIdNamespaceAssociation() {
return this.to('GetCollaborationIdNamespaceAssociation');
}
/**
* Grants permission to view details for a privacy budget template within a collaboration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetCollaborationPrivacyBudgetTemplate.html
*/
toGetCollaborationPrivacyBudgetTemplate() {
return this.to('GetCollaborationPrivacyBudgetTemplate');
}
/**
* Grants permission to view details for a configured audience model association
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredAudienceModelAssociation.html
*/
toGetConfiguredAudienceModelAssociation() {
return this.to('GetConfiguredAudienceModelAssociation');
}
/**
* Grants permission to view details for a configured table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredTable.html
*/
toGetConfiguredTable() {
return this.to('GetConfiguredTable');
}
/**
* Grants permission to view analysis rules for a configured table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredTableAnalysisRule.html
*/
toGetConfiguredTableAnalysisRule() {
return this.to('GetConfiguredTableAnalysisRule');
}
/**
* Grants permission to view details for a configured table association
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredTableAssociation.html
*/
toGetConfiguredTableAssociation() {
return this.to('GetConfiguredTableAssociation');
}
/**
* Grants permission to view analysis rules for a configured table association
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredTableAssociationAnalysisRule.html
*/
toGetConfiguredTableAssociationAnalysisRule() {
return this.to('GetConfiguredTableAssociationAnalysisRule');
}
/**
* Grants permission to view details of an id mapping table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetIdMappingTable.html
*/
toGetIdMappingTable() {
return this.to('GetIdMappingTable');
}
/**
* Grants permission to view details of an id namespace association
*
* Access Level: Read
*
* Dependent actions:
* - entityresolution:GetIdNamespace
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetIdNamespaceAssociation.html
*/
toGetIdNamespaceAssociation() {
return this.to('GetIdNamespaceAssociation');
}
/**
* Grants permission to view details about a membership
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetMembership.html
*/
toGetMembership() {
return this.to('GetMembership');
}
/**
* Grants permission to view details for a privacy budget template
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetPrivacyBudgetTemplate.html
*/
toGetPrivacyBudgetTemplate() {
return this.to('GetPrivacyBudgetTemplate');
}
/**
* Grants permission to view a protected job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetProtectedJob.html
*/
toGetProtectedJob() {
return this.to('GetProtectedJob');
}
/**
* Grants permission to view a protected query
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetProtectedQuery.html
*/
toGetProtectedQuery() {
return this.to('GetProtectedQuery');
}
/**
* Grants permission to view details for a schema
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetSchema.html
*/
toGetSchema() {
return this.to('GetSchema');
}
/**
* Grants permission to view analysis rules associated with a schema
*
* Access Level: Read
*
* Dependent actions:
* - cleanrooms:GetSchema
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetSchemaAnalysisRule.html
*/
toGetSchemaAnalysisRule() {
return this.to('GetSchemaAnalysisRule');
}
/**
* Grants permission to list available analysis templates
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListAnalysisTemplates.html
*/
toListAnalysisTemplates() {
return this.to('ListAnalysisTemplates');
}
/**
* Grants permission to list available analysis templates within a collaboration
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListCollaborationAnalysisTemplates.html
*/
toListCollaborationAnalysisTemplates() {
return this.to('ListCollaborationAnalysisTemplates');
}
/**
* Grants permission to list available configured audience model association within a collaboration
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListCollaborationConfiguredAudienceModelAssociations.html
*/
toListCollaborationConfiguredAudienceModelAssociations() {
return this.to('ListCollaborationConfiguredAudienceModelAssociations');
}
/**
* Grants permission to list id namespace within a collaboration
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListCollaborationIdNamespaceAssociations.html
*/
toListCollaborationIdNamespaceAssociations() {
return this.to('ListCollaborationIdNamespaceAssociations');
}
/**
* Grants permission to list available privacy budget templates within a collaboration
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListCollaborationPrivacyBudgetTemplates.html
*/
toListCollaborationPrivacyBudgetTemplates() {
return this.to('ListCollaborationPrivacyBudgetTemplates');
}
/**
* Grants permission to list privacy budgets within a collaboration
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListCollaborationPrivacyBudgets.html
*/
toListCollaborationPrivacyBudgets() {
return this.to('ListCollaborationPrivacyBudgets');
}
/**
* Grants permission to list available collaborations
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListCollaborations.html
*/
toListCollaborations() {
return this.to('ListCollaborations');
}
/**
* Grants permission to list available configured audience model associations for a membership
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListConfiguredAudienceModelAssociations.html
*/
toListConfiguredAudienceModelAssociations() {
return this.to('ListConfiguredAudienceModelAssociations');
}
/**
* Grants permission to list available configured table associations for a membership
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListConfiguredTableAssociations.html
*/
toListConfiguredTableAssociations() {
return this.to('ListConfiguredTableAssociations');
}
/**
* Grants permission to list available configured tables
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListConfiguredTables.html
*/
toListConfiguredTables() {
return this.to('ListConfiguredTables');
}
/**
* Grants permission to list available id mapping tables for a membership
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListIdMappingTables.html
*/
toListIdMappingTables() {
return this.to('ListIdMappingTables');
}
/**
* Grants permission to list entity resolution data associations for a membership
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListIdNamespaceAssociations.html
*/
toListIdNamespaceAssociations() {
return this.to('ListIdNamespaceAssociations');
}
/**
* Grants permission to list the members of a collaboration
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListMembers.html
*/
toListMembers() {
return this.to('ListMembers');
}
/**
* Grants permission to list available memberships
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListMemberships.html
*/
toListMemberships() {
return this.to('ListMemberships');
}
/**
* Grants permission to list available privacy budget templates
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListPrivacyBudgetTemplates.html
*/
toListPrivacyBudgetTemplates() {
return this.to('ListPrivacyBudgetTemplates');
}
/**
* Grants permission to list available privacy budgets
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListPrivacyBudgets.html
*/
toListPrivacyBudgets() {
return this.to('ListPrivacyBudgets');
}
/**
* Grants permission to list protected jobs
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListProtectedJobs.html
*/
toListProtectedJobs() {
return this.to('ListProtectedJobs');
}
/**
* Grants permission to list protected queries
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListProtectedQueries.html
*/
toListProtectedQueries() {
return this.to('ListProtectedQueries');
}
/**
* Grants permission to view available schemas for a collaboration
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListSchemas.html
*/
toListSchemas() {
return this.to('ListSchemas');
}
/**
* Grants permission to list tags for a resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to access a collaboration in the context of Clean Rooms ML custom models
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/ml-behaviors-byom.html#ml-behaviors-byom-membership-collaboration-access
*/
toPassCollaboration() {
return this.to('PassCollaboration');
}
/**
* Grants permission to access a membership in the context of Clean Rooms ML custom models
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/ml-behaviors-byom.html#ml-behaviors-byom-membership-collaboration-access
*/
toPassMembership() {
return this.to('PassMembership');
}
/**
* Grants permission to start an Id Mapping Job in AWS Entity Resolution to generate id mapping results in cleanrooms collaboration.
*
* Access Level: Write
*
* Dependent actions:
* - entityresolution:GetIdMappingWorkflow
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_PopulateIdMappingTable.html
*/
toPopulateIdMappingTable() {
return this.to('PopulateIdMappingTable');
}
/**
* Grants permission to preview privacy budget template settings
*
* Access Level: Read
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_PreviewPrivacyImpact.html
*/
toPreviewPrivacyImpact() {
return this.to('PreviewPrivacyImpact');
}
/**
* Grants permission to start protected jobs
*
* Access Level: Write
*
* Dependent actions:
* - cleanrooms:GetCollaborationAnalysisTemplate
* - cleanrooms:GetSchema
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_StartProtectedJob.html
*/
toStartProtectedJob() {
return this.to('StartProtectedJob');
}
/**
* Grants permission to start protected queries
*
* Access Level: Write
*
* Dependent actions:
* - cleanrooms:GetCollaborationAnalysisTemplate
* - cleanrooms:GetSchema
* - s3:GetBucketLocation
* - s3:ListBucket
* - s3:PutObject
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_StartProtectedQuery.html
*/
toStartProtectedQuery() {
return this.to('StartProtectedQuery');
}
/**
* Grants permission to tag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to untag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update details of the analysis template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateAnalysisTemplate.html
*/
toUpdateAnalysisTemplate() {
return this.to('UpdateAnalysisTemplate');
}
/**
* Grants permission to update details of the collaboration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateCollaboration.html
*/
toUpdateCollaboration() {
return this.to('UpdateCollaboration');
}
/**
* Grants permission to update a configured audience model association
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredAudienceModelAssociation.html
*/
toUpdateConfiguredAudienceModelAssociation() {
return this.to('UpdateConfiguredAudienceModelAssociation');
}
/**
* Grants permission to update an existing configured table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredTable.html
*/
toUpdateConfiguredTable() {
return this.to('UpdateConfiguredTable');
}
/**
* Grants permission to update analysis rules for a configured table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredTableAnalysisRule.html
*/
toUpdateConfiguredTableAnalysisRule() {
return this.to('UpdateConfiguredTableAnalysisRule');
}
/**
* Grants permission to update a configured table association
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredTableAssociation.html
*/
toUpdateConfiguredTableAssociation() {
return this.to('UpdateConfiguredTableAssociation');
}
/**
* Grants permission to update analysis rules for a configured table association
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredTableAssociationAnalysisRule.html
*/
toUpdateConfiguredTableAssociationAnalysisRule() {
return this.to('UpdateConfiguredTableAssociationAnalysisRule');
}
/**
* Grants permission to update an id mapping table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateIdMappingTable.html
*/
toUpdateIdMappingTable() {
return this.to('UpdateIdMappingTable');
}
/**
* Grants permission to update a entity resolution input association
*
* Access Level: Write
*
* Dependent actions:
* - entityresolution:GetIdNamespace
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateIdNamespaceAssociation.html
*/
toUpdateIdNamespaceAssociation() {
return this.to('UpdateIdNamespaceAssociation');
}
/**
* Grants permission to update details of a membership
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
* - logs:CreateLogDelivery
* - logs:CreateLogGroup
* - logs:DeleteLogDelivery
* - logs:DescribeLogGroups
* - logs:DescribeResourcePolicies
* - logs:GetLogDelivery
* - logs:ListLogDeliveries
* - logs:PutResourcePolicy
* - logs:UpdateLogDelivery
* - s3:GetBucketLocation
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateMembership.html
*/
toUpdateMembership() {
return this.to('UpdateMembership');
}
/**
* Grants permission to update details of the privacy budget template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdatePrivacyBudgetTemplate.html
*/
toUpdatePrivacyBudgetTemplate() {
return this.to('UpdatePrivacyBudgetTemplate');
}
/**
* Grants permission to update protected jobs
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateProtectedJob.html
*/
toUpdateProtectedJob() {
return this.to('UpdateProtectedJob');
}
/**
* Grants permission to update protected queries
*
* Access Level: Write
*
* https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateProtectedQuery.html
*/
toUpdateProtectedQuery() {
return this.to('UpdateProtectedQuery');
}
/**
* Adds a resource of type analysistemplate to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param membershipId - Identifier for the membershipId.
* @param analysisTemplateId - Identifier for the analysisTemplateId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAnalysistemplate(membershipId, analysisTemplateId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:membership/${membershipId}/analysistemplate/${analysisTemplateId}`);
}
/**
* Adds a resource of type collaboration to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param collaborationId - Identifier for the collaborationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onCollaboration(collaborationId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:collaboration/${collaborationId}`);
}
/**
* Adds a resource of type configuredaudiencemodelassociation to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param membershipId - Identifier for the membershipId.
* @param configuredAudienceModelAssociationId - Identifier for the configuredAudienceModelAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onConfiguredaudiencemodelassociation(membershipId, configuredAudienceModelAssociationId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:membership/${membershipId}/configuredaudiencemodelassociation/${configuredAudienceModelAssociationId}`);
}
/**
* Adds a resource of type configuredtable to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param configuredTableId - Identifier for the configuredTableId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onConfiguredtable(configuredTableId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:configuredtable/${configuredTableId}`);
}
/**
* Adds a resource of type configuredtableassociation to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param membershipId - Identifier for the membershipId.
* @param configuredTableAssociationId - Identifier for the configuredTableAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onConfiguredtableassociation(membershipId, configuredTableAssociationId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:membership/${membershipId}/configuredtableassociation/${configuredTableAssociationId}`);
}
/**
* Adds a resource of type idmappingtable to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param membershipId - Identifier for the membershipId.
* @param idMappingTableId - Identifier for the idMappingTableId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIdmappingtable(membershipId, idMappingTableId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:membership/${membershipId}/idmappingtable/${idMappingTableId}`);
}
/**
* Adds a resource of type idnamespaceassociation to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param membershipId - Identifier for the membershipId.
* @param idNamespaceAssociationId - Identifier for the idNamespaceAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIdnamespaceassociation(membershipId, idNamespaceAssociationId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:membership/${membershipId}/idnamespaceassociation/${idNamespaceAssociationId}`);
}
/**
* Adds a resource of type membership to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param membershipId - Identifier for the membershipId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onMembership(membershipId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:membership/${membershipId}`);
}
/**
* Adds a resource of type privacybudgettemplate to the statement
*
* https://docs.aws.amazon.com/clean-rooms/latest/userguide/security-iam.html
*
* @param membershipId - Identifier for the membershipId.
* @param privacyBudgetTemplateId - Identifier for the privacyBudgetTemplateId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onPrivacybudgettemplate(membershipId, privacyBudgetTemplateId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:cleanrooms:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:membership/${membershipId}/privacybudgettemplate/${privacyBudgetTemplateId}`);
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateAnalysisTemplate()
* - .toCreateCollaboration()
* - .toCreateConfiguredAudienceModelAssociation()
* - .toCreateConfiguredTable()
* - .toCreateConfiguredTableAssociation()
* - .toCreateConfiguredTableAssociationAnalysisRule()
* - .toCreateIdMappingTable()
* - .toCreateIdNamespaceAssociation()
* - .toCreateMembership()
* - .toCreatePrivacyBudgetTemplate()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toCreateAnalysisTemplate()
* - .toCreateCollaboration()
* - .toCreateConfiguredAudienceModelAssociation()
* - .toCreateConfiguredTable()
* - .toCreateConfiguredTableAssociation()
* - .toCreateConfiguredTableAssociationAnalysisRule()
* - .toCreateIdMappingTable()
* - .toCreateIdNamespaceAssociation()
* - .toCreateMembership()
* - .toCreatePrivacyBudgetTemplate()
*
* Applies to resource types:
* - analysistemplate
* - collaboration
* - configuredaudiencemodelassociation
* - configuredtable
* - configuredtableassociation
* - idmappingtable
* - idnamespaceassociation
* - membership
* - privacybudgettemplate
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateAnalysisTemplate()
* - .toCreateCollaboration()
* - .toCreateConfiguredAudienceModelAssociation()
* - .toCreateConfiguredTable()
* - .toCreateConfiguredTableAssociation()
* - .toCreateConfiguredTableAssociationAnalysisRule()
* - .toCreateIdMappingTable()
* - .toCreateIdNamespaceAssociation()
* - .toCreateMembership()
* - .toCreatePrivacyBudgetTemplate()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Statement provider for service [cleanrooms](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscleanrooms.html).
*
*/
constructor(props) {
super(props);
this.servicePrefix = 'cleanrooms';
this.accessLevelList = {
Read: [
'BatchGetCollaborationAnalysisTemplate',
'BatchGetSchema',
'BatchGetSchemaAnalysisRule',
'GetAnalysisTemplate',
'GetCollaboration',
'GetCollaborationAnalysisTemplate',
'GetCollaborationConfiguredAudienceModelAssociation',
'GetCollaborationIdNamespaceAssociation',
'GetCollaborationPrivacyBudgetTemplate',
'GetConfiguredAudienceModelAssociation',
'GetConfiguredTable',
'GetConfiguredTableAnalysisRule',
'GetConfiguredTableAssociation',
'GetConfiguredTableAssociationAnalysisRule',
'GetIdMappingTable',
'GetIdNamespaceAssociation',
'GetMembership',
'GetPrivacyBudgetTemplate',
'GetProtectedJob',
'GetProtectedQuery',
'GetSchema',
'GetSchemaAnalysisRule',
'PassCollaboration',
'PassMembership',
'PreviewPrivacyImpact'
],
Write: [
'CreateAnalysisTemplate',
'CreateCollaboration',
'CreateConfiguredAudienceModelAssociation',
'CreateConfiguredTable',
'CreateConfiguredTableAnalysisRule',
'CreateConfiguredTableAssociation',
'CreateConfiguredTableAssociationAnalysisRule',
'CreateIdMappingTable',
'CreateIdNamespaceAssociation',
'CreateMembership',
'CreatePrivacyBudgetTemplate',
'DeleteAnalysisTemplate',
'DeleteCollaboration',
'DeleteConfiguredAudienceModelAssociation',
'DeleteConfiguredTable',
'DeleteConfiguredTableAnalysisRule',
'DeleteConfiguredTableAssociation',
'DeleteConfiguredTableAssociationAnalysisRule',
'DeleteIdMappingTable',
'DeleteIdNamespaceAssociation',
'DeleteMember',
'DeleteMembership',
'DeletePrivacyBudgetTemplate',
'PopulateIdMappingTable',
'StartProtectedJob',
'StartProtectedQuery',
'UpdateAnalysisTemplate',
'UpdateCollaboration',
'UpdateConfiguredAudienceModelAssociation',
'UpdateConfiguredTable',
'UpdateConfiguredTableAnalysisRule',
'UpdateConfiguredTableAssociation',
'UpdateConfiguredTableAssociationAnalysisRule',
'UpdateIdMappingTable',
'UpdateIdNamespaceAssociation',
'UpdateMembership',
'UpdatePrivacyBudgetTemplate',
'UpdateProtectedJob',
'UpdateProtectedQuery'
],
List: [
'ListAnalysisTemplates',
'ListCollaborationAnalysisTemplates',
'ListCollaborationConfiguredAudienceModelAssociations',
'ListCollaborationIdNamespaceAssociations',
'ListCollaborationPrivacyBudgetTemplates',
'ListCollaborationPrivacyBudgets',
'ListCollaborations',
'ListConfiguredAudienceModelAssociations',
'ListConfiguredTableAssociations',
'ListConfiguredTables',
'ListIdMappingTables',
'ListIdNamespaceAssociations',
'ListMembers',
'ListMemberships',
'ListPrivacyBudgetTemplates',
'ListPrivacyBudgets',
'ListProtectedJobs',
'ListProtectedQueries',
'ListSchemas',
'ListTagsForResource'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
}
ex